npm - @piprail/sdk - Versions diffs - 1.9.0 → 1.10.0 - Mend

@piprail/sdk 1.9.0 → 1.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/CHANGELOG.md +42 -0
package/ERRORS.md +21 -8
package/README.md +20 -0
package/STANDARDS.md +5 -2
package/dist/{algorand-IJJKE35X.cjs → algorand-MXUSKX46.cjs} +17 -17
package/dist/{algorand-B67G4335.js → algorand-WGVF4KTU.js} +1 -1
package/dist/{aptos-YQWTGFRZ.js → aptos-LPBLSEIQ.js} +1 -1
package/dist/{aptos-X3G2UBYW.cjs → aptos-YT7SXWPF.cjs} +16 -16
package/dist/{chunk-IQGT65WS.cjs → chunk-MDLZJGLY.cjs} +20 -16
package/dist/{chunk-QDS6FBZP.js → chunk-SVMGHASK.js} +4 -0
package/dist/index.cjs +811 -253
package/dist/index.d.cts +400 -31
package/dist/index.d.ts +400 -31
package/dist/index.js +734 -176
package/dist/{near-GGUHLXAF.cjs → near-7ZDNISUX.cjs} +19 -19
package/dist/{near-7MBBCDUE.js → near-K6BDBABG.js} +1 -1
package/dist/{solana-W24TCJV4.cjs → solana-PU7N2M64.cjs} +14 -14
package/dist/{solana-7WJVZGDW.js → solana-S3UFI3FE.js} +1 -1
package/dist/{stellar-HV6VGZX3.js → stellar-Q5PO23SC.js} +1 -1
package/dist/{stellar-YMY3K2YB.cjs → stellar-VDQOFQEO.cjs} +21 -21
package/dist/{sui-32KVESR5.cjs → sui-FKSMLKRF.cjs} +17 -17
package/dist/{sui-2WFWVFJX.js → sui-WOXRKJXS.js} +1 -1
package/dist/{ton-FIQGV2LC.cjs → ton-VK6KRJHP.cjs} +14 -14
package/dist/{ton-DGZB7W4U.js → ton-WPTXGLVK.js} +1 -1
package/dist/{tron-RLIL2FDI.js → tron-6GXBXTR4.js} +1 -1
package/dist/{tron-ZSXAPZ2C.cjs → tron-WLOF5OUV.cjs} +24 -24
package/dist/{xrpl-2PKP7HOI.cjs → xrpl-CMNI25BV.cjs} +21 -21
package/dist/{xrpl-UEC2GYVV.js → xrpl-HEAPEXAM.js} +1 -1
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -10,6 +10,7 @@ import {
   PaymentTimeoutError,
   PipRailError,
   RecipientNotReadyError,
+  SettlementError,
   UnknownTokenError,
   UnsupportedNetworkError,
   WrongChainError,
@@ -20,7 +21,7 @@ import {
   parseUnits,
   rejectForeignToken,
   toInsufficientFundsError
-} from "./chunk-QDS6FBZP.js";
+} from "./chunk-SVMGHASK.js";
 // src/drivers/registry.ts
 var byFamily = /* @__PURE__ */ new Map();
@@ -63,7 +64,7 @@ function resolveNetwork(opts) {
 }
 // src/drivers/evm/index.ts
-import { BaseError, createPublicClient, erc20Abi as erc20Abi3, getAddress as getAddress2, http as http2, isAddress } from "viem";
+import { BaseError, createPublicClient, erc20Abi as erc20Abi3, getAddress as getAddress3, http as http2, isAddress } from "viem";
 // src/drivers/evm/chains.ts
 import { defineChain } from "viem";
@@ -483,20 +484,367 @@ function sumTransfersTo(logs, asset, payTo) {
   return { total, from };
 }
+// src/drivers/evm/exact.ts
+import {
+  getAddress as getAddress2,
+  parseSignature,
+  recoverTypedDataAddress
+} from "viem";
+var EXACT_NETWORK_SLUGS = {
+  ethereum: 1,
+  base: 8453,
+  "base-sepolia": 84532,
+  arbitrum: 42161,
+  optimism: 10,
+  polygon: 137,
+  avalanche: 43114
+};
+function chainIdForExactNetwork(slug) {
+  return EXACT_NETWORK_SLUGS[slug] ?? null;
+}
+var EIP3009_TYPES = {
+  TransferWithAuthorization: [
+    { name: "from", type: "address" },
+    { name: "to", type: "address" },
+    { name: "value", type: "uint256" },
+    { name: "validAfter", type: "uint256" },
+    { name: "validBefore", type: "uint256" },
+    { name: "nonce", type: "bytes32" }
+  ]
+};
+function parseExactRequirements(body) {
+  if (!body || typeof body !== "object") return null;
+  const accepts = body.accepts;
+  if (!Array.isArray(accepts)) return null;
+  const out = [];
+  for (const raw of accepts) {
+    if (!raw || typeof raw !== "object") continue;
+    const a = raw;
+    if (a.scheme !== "exact") continue;
+    const amount = a.maxAmountRequired ?? a.amount;
+    if (typeof a.network !== "string" || typeof amount !== "string" || typeof a.asset !== "string" || typeof a.payTo !== "string") {
+      continue;
+    }
+    out.push({
+      scheme: "exact",
+      network: a.network,
+      maxAmountRequired: amount,
+      asset: a.asset,
+      payTo: a.payTo,
+      maxTimeoutSeconds: typeof a.maxTimeoutSeconds === "number" ? a.maxTimeoutSeconds : 600,
+      ...a.extra && typeof a.extra === "object" ? { extra: a.extra } : {},
+      ...typeof a.description === "string" ? { description: a.description } : {},
+      ...typeof a.resource === "string" ? { resource: a.resource } : {}
+    });
+  }
+  return out;
+}
+async function buildExactAuthorization(params) {
+  const { account, accept, chainId, now, nonce } = params;
+  if (!account.signTypedData) {
+    throw new Error("buildExactAuthorization: the account cannot sign EIP-712 typed data.");
+  }
+  const authorization = {
+    from: account.address,
+    to: accept.payTo,
+    value: accept.maxAmountRequired,
+    validAfter: "0",
+    validBefore: String(now + accept.maxTimeoutSeconds),
+    nonce
+  };
+  const signature = await account.signTypedData({
+    domain: {
+      name: accept.extra?.name ?? "USD Coin",
+      version: accept.extra?.version ?? "2",
+      chainId,
+      verifyingContract: accept.asset
+    },
+    types: EIP3009_TYPES,
+    primaryType: "TransferWithAuthorization",
+    message: {
+      from: authorization.from,
+      to: authorization.to,
+      value: BigInt(authorization.value),
+      validAfter: BigInt(authorization.validAfter),
+      validBefore: BigInt(authorization.validBefore),
+      nonce: authorization.nonce
+    }
+  });
+  return { authorization, signature };
+}
+function base64(str) {
+  if (typeof Buffer !== "undefined") return Buffer.from(str, "utf8").toString("base64");
+  if (typeof btoa === "function" && typeof TextEncoder !== "undefined") {
+    const bytes = new TextEncoder().encode(str);
+    let binary = "";
+    for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);
+    return btoa(binary);
+  }
+  throw new Error("No base64 encoder available in this runtime.");
+}
+function encodeXPaymentHeader(input) {
+  const payload = {
+    x402Version: input.x402Version ?? 1,
+    scheme: "exact",
+    network: input.network,
+    payload: { signature: input.signature, authorization: input.authorization }
+  };
+  return base64(JSON.stringify(payload));
+}
+var eip3009Abi = [
+  {
+    type: "function",
+    name: "transferWithAuthorization",
+    stateMutability: "nonpayable",
+    outputs: [],
+    inputs: [
+      { name: "from", type: "address" },
+      { name: "to", type: "address" },
+      { name: "value", type: "uint256" },
+      { name: "validAfter", type: "uint256" },
+      { name: "validBefore", type: "uint256" },
+      { name: "nonce", type: "bytes32" },
+      { name: "v", type: "uint8" },
+      { name: "r", type: "bytes32" },
+      { name: "s", type: "bytes32" }
+    ]
+  },
+  {
+    type: "function",
+    name: "transferWithAuthorization",
+    stateMutability: "nonpayable",
+    outputs: [],
+    inputs: [
+      { name: "from", type: "address" },
+      { name: "to", type: "address" },
+      { name: "value", type: "uint256" },
+      { name: "validAfter", type: "uint256" },
+      { name: "validBefore", type: "uint256" },
+      { name: "nonce", type: "bytes32" },
+      { name: "signature", type: "bytes" }
+    ]
+  },
+  {
+    type: "function",
+    name: "authorizationState",
+    stateMutability: "view",
+    inputs: [
+      { name: "authorizer", type: "address" },
+      { name: "nonce", type: "bytes32" }
+    ],
+    outputs: [{ type: "bool" }]
+  },
+  { type: "function", name: "name", stateMutability: "view", inputs: [], outputs: [{ type: "string" }] },
+  { type: "function", name: "version", stateMutability: "view", inputs: [], outputs: [{ type: "string" }] }
+];
+var ZERO_ADDR = "0x0000000000000000000000000000000000000000";
+var ZERO_NONCE = `0x${"00".repeat(32)}`;
+async function readExactDomain(publicClient, asset) {
+  if (asset === "native") return null;
+  let token;
+  try {
+    token = getAddress2(asset);
+  } catch {
+    return null;
+  }
+  try {
+    const [name, version] = await Promise.all([
+      publicClient.readContract({ address: token, abi: eip3009Abi, functionName: "name" }),
+      publicClient.readContract({ address: token, abi: eip3009Abi, functionName: "version" }),
+      // The EIP-3009 probe: this view exists only on EIP-3009 tokens; it reverts on
+      // a plain ERC-20 / USDT, marking the token as not exact-payable.
+      publicClient.readContract({
+        address: token,
+        abi: eip3009Abi,
+        functionName: "authorizationState",
+        args: [ZERO_ADDR, ZERO_NONCE]
+      })
+    ]);
+    if (typeof name !== "string" || typeof version !== "string" || !name || !version) return null;
+    return { name, version };
+  } catch {
+    return null;
+  }
+}
+function shorten(msg) {
+  const oneLine = msg.replace(/\s+/g, " ").trim();
+  return oneLine.length > 200 ? `${oneLine.slice(0, 200)}\u2026` : oneLine;
+}
+async function verifyAndSettleExactEvm(input) {
+  const { publicClient, walletClient, account, chain, payload, accept } = input;
+  const token = getAddress2(accept.asset);
+  const payTo = getAddress2(accept.payTo);
+  const requiredAmount = BigInt(accept.amount);
+  let from;
+  let to;
+  let value;
+  let validAfter;
+  let validBefore;
+  let nonce;
+  try {
+    from = getAddress2(payload.authorization.from);
+    to = getAddress2(payload.authorization.to);
+    value = BigInt(payload.authorization.value);
+    validAfter = BigInt(payload.authorization.validAfter);
+    validBefore = BigInt(payload.authorization.validBefore);
+    nonce = payload.authorization.nonce;
+    if (!/^0x[0-9a-fA-F]{64}$/.test(nonce)) throw new Error("nonce must be 32-byte hex");
+    if (!/^0x[0-9a-fA-F]+$/.test(payload.signature)) throw new Error("signature must be hex");
+  } catch (err) {
+    return {
+      ok: false,
+      error: "signature_invalid",
+      detail: `Malformed exact authorization: ${err instanceof Error ? err.message : String(err)}.`
+    };
+  }
+  if (to !== payTo) {
+    return { ok: false, error: "wrong_recipient", detail: `Authorization pays ${to}, not ${payTo}.` };
+  }
+  if (value < requiredAmount) {
+    return { ok: false, error: "amount_too_low", detail: `Authorized ${value}, required ${requiredAmount}.` };
+  }
+  const now = BigInt(Math.floor(Date.now() / 1e3));
+  if (validBefore <= now) {
+    return { ok: false, error: "payment_expired", detail: `Authorization expired: validBefore ${validBefore} <= now ${now}.` };
+  }
+  let fromCode;
+  try {
+    fromCode = await publicClient.getCode({ address: from });
+  } catch {
+    return { ok: false, error: "tx_not_found", detail: `Could not read code at ${from} (transient RPC) \u2014 retry.` };
+  }
+  const isContractWallet = Boolean(fromCode && fromCode !== "0x");
+  if (!isContractWallet) {
+    let recovered;
+    try {
+      recovered = await recoverTypedDataAddress({
+        domain: {
+          name: accept.extra.name,
+          version: accept.extra.version,
+          chainId: chain.id,
+          verifyingContract: token
+        },
+        types: EIP3009_TYPES,
+        primaryType: "TransferWithAuthorization",
+        message: { from, to, value, validAfter, validBefore, nonce },
+        signature: payload.signature
+      });
+    } catch (err) {
+      return { ok: false, error: "signature_invalid", detail: `Not a valid EIP-712 signature: ${shorten(err instanceof Error ? err.message : String(err))}.` };
+    }
+    if (recovered !== from) {
+      return { ok: false, error: "signature_invalid", detail: `Signature recovered to ${recovered}, not the authorizer ${from}.` };
+    }
+  }
+  try {
+    const used = await publicClient.readContract({
+      address: token,
+      abi: eip3009Abi,
+      functionName: "authorizationState",
+      args: [from, nonce]
+    });
+    if (used) {
+      return { ok: false, error: "tx_already_used", detail: `Authorization nonce ${nonce} already used or canceled on-chain.` };
+    }
+  } catch {
+    return { ok: false, error: "tx_not_found", detail: "Could not read authorizationState (transient RPC) \u2014 retry." };
+  }
+  const baseArgs = [from, to, value, validAfter, validBefore, nonce];
+  const isEcdsa = !isContractWallet && payload.signature.length - 2 === 130;
+  let writeArgs;
+  if (isEcdsa) {
+    const { r, s, yParity } = parseSignature(payload.signature);
+    writeArgs = [...baseArgs, BigInt(yParity + 27), r, s];
+  } else {
+    writeArgs = [...baseArgs, payload.signature];
+  }
+  try {
+    await publicClient.simulateContract({
+      account,
+      address: token,
+      abi: eip3009Abi,
+      functionName: "transferWithAuthorization",
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      args: writeArgs
+    });
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (/used or canceled/i.test(msg)) return { ok: false, error: "tx_already_used", detail: "Authorization is used or canceled." };
+    if (/expired|not yet valid/i.test(msg)) return { ok: false, error: "payment_expired", detail: shorten(msg) };
+    if (/invalid signature/i.test(msg)) return { ok: false, error: "signature_invalid", detail: shorten(msg) };
+    return { ok: false, error: "tx_reverted", detail: `transferWithAuthorization would revert: ${shorten(msg)}` };
+  }
+  let txHash;
+  try {
+    txHash = await walletClient.writeContract({
+      account,
+      chain,
+      address: token,
+      abi: eip3009Abi,
+      functionName: "transferWithAuthorization",
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      args: writeArgs
+    });
+  } catch (err) {
+    throw new SettlementError(
+      `exact settle: the merchant relayer failed to broadcast transferWithAuthorization (${shorten(err instanceof Error ? err.message : String(err))}). The payer's authorization is still valid and unused \u2014 fund/fix the relayer and the payer can retry.`,
+      { cause: err }
+    );
+  }
+  try {
+    const confirmations = accept.extra.minConfirmations ?? 1;
+    const receipt = await publicClient.waitForTransactionReceipt({ hash: txHash, confirmations });
+    if (receipt.status !== "success") {
+      return { ok: false, error: "tx_reverted", detail: `Settlement tx ${txHash} reverted on-chain.` };
+    }
+  } catch (err) {
+    throw new SettlementError(
+      `exact settle: broadcast ${txHash} but couldn't confirm it (${shorten(err instanceof Error ? err.message : String(err))}).`,
+      { cause: err }
+    );
+  }
+  return {
+    ok: true,
+    receipt: {
+      scheme: "exact",
+      success: true,
+      network: accept.network,
+      transaction: txHash,
+      asset: accept.asset,
+      amount: accept.amount,
+      payer: from,
+      payTo: accept.payTo,
+      verifiedAt: (/* @__PURE__ */ new Date()).toISOString()
+    }
+  };
+}
 // src/x402.ts
 var HEADER_REQUIRED = "payment-required";
 var HEADER_SIGNATURE = "payment-signature";
 var HEADER_RESPONSE = "payment-response";
-function decodeBase64(b64) {
-  if (typeof atob === "function") return atob(b64);
-  if (typeof Buffer !== "undefined") return Buffer.from(b64, "base64").toString("utf8");
-  throw new Error("No base64 decoder available in this runtime.");
-}
+var HEADER_SIGNATURE_V1 = "x-payment";
+var HEADER_RESPONSE_V1 = "x-payment-response";
 function encodeBase64(str) {
-  if (typeof btoa === "function") return btoa(str);
   if (typeof Buffer !== "undefined") return Buffer.from(str, "utf8").toString("base64");
+  if (typeof btoa === "function" && typeof TextEncoder !== "undefined") {
+    const bytes = new TextEncoder().encode(str);
+    let binary = "";
+    for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);
+    return btoa(binary);
+  }
   throw new Error("No base64 encoder available in this runtime.");
 }
+function decodeBase64(b64) {
+  if (typeof Buffer !== "undefined") return Buffer.from(b64, "base64").toString("utf8");
+  if (typeof atob === "function" && typeof TextDecoder !== "undefined") {
+    const binary = atob(b64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+    return new TextDecoder().decode(bytes);
+  }
+  throw new Error("No base64 decoder available in this runtime.");
+}
 function fromBase64Json(b64) {
   try {
     return JSON.parse(decodeBase64(b64));
@@ -557,6 +905,36 @@ function parseSignatureHeader(value) {
   }
   return parsed;
 }
+function parseExactPaymentHeader(value) {
+  const parsed = fromBase64Json(value);
+  if (!parsed || typeof parsed !== "object") return null;
+  const v = parsed;
+  const accepted = v.accepted ?? null;
+  const scheme = accepted?.scheme ?? v.scheme;
+  if (scheme !== "exact") return null;
+  const network = accepted?.network ?? v.network;
+  if (typeof network !== "string") return null;
+  const payload = v.payload;
+  if (!payload || typeof payload !== "object") return null;
+  const signature = payload.signature;
+  const authorization = payload.authorization;
+  if (typeof signature !== "string" || !authorization || typeof authorization !== "object") return null;
+  for (const k of ["from", "to", "value", "validAfter", "validBefore", "nonce"]) {
+    if (typeof authorization[k] !== "string") return null;
+  }
+  const x402Version = typeof v.x402Version === "number" ? v.x402Version : 2;
+  const asset = accepted && typeof accepted.asset === "string" ? accepted.asset : void 0;
+  return {
+    x402Version,
+    network,
+    ...asset ? { asset } : {},
+    payload: {
+      signature,
+      authorization
+    },
+    raw: v
+  };
+}
 function isValidChallenge(value) {
   if (!value || typeof value !== "object") return false;
   const v = value;
@@ -568,7 +946,7 @@ function isValidChallenge(value) {
 function isValidReceipt(value) {
   if (!value || typeof value !== "object") return false;
   const v = value;
-  if (v.scheme !== "onchain-proof") return false;
+  if (v.scheme !== "onchain-proof" && v.scheme !== "exact") return false;
   if (typeof v.transaction !== "string" && typeof v.txHash !== "string") return false;
   if (typeof v.payer !== "string") return false;
   return true;
@@ -646,12 +1024,12 @@ function makeEvmNetwork(resolved) {
       }
       let normalized;
       try {
-        normalized = getAddress2(asset);
+        normalized = getAddress3(asset);
       } catch {
         return null;
       }
       for (const info of Object.values(resolved.tokens)) {
-        if (getAddress2(info.address) === normalized) {
+        if (getAddress3(info.address) === normalized) {
           return { symbol: info.symbol, decimals: info.decimals };
         }
       }
@@ -735,7 +1113,7 @@ function makeEvmNetwork(resolved) {
       let token = null;
       try {
         token = await publicClient.readContract({
-          address: getAddress2(asset),
+          address: getAddress3(asset),
           abi: erc20Abi3,
           functionName: "balanceOf",
           args: [owner]
@@ -767,6 +1145,21 @@ function makeEvmNetwork(resolved) {
         accept,
         minConfirmations: accept.extra.minConfirmations
       });
+    },
+    // Standard x402 `exact` rail (EIP-3009), seller side — EVM only.
+    async exactDomain(asset) {
+      return readExactDomain(publicClient, asset);
+    },
+    async settleExactSelf({ relayer, payload, accept }) {
+      const a = relayer._native;
+      return verifyAndSettleExactEvm({
+        publicClient,
+        walletClient: a.walletClient,
+        account: a.account,
+        chain: resolved.chain,
+        payload,
+        accept
+      });
     }
   };
 }
@@ -783,7 +1176,7 @@ var loaders = {
   solana: async () => {
     let mod;
     try {
-      mod = await import("./solana-7WJVZGDW.js");
+      mod = await import("./solana-S3UFI3FE.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Solana selected, but its packages aren't installed. Run: npm install @solana/web3.js @solana/spl-token bs58`,
@@ -795,7 +1188,7 @@ var loaders = {
   ton: async () => {
     let mod;
     try {
-      mod = await import("./ton-DGZB7W4U.js");
+      mod = await import("./ton-WPTXGLVK.js");
     } catch (cause) {
       throw new MissingDriverError(
         `TON selected, but its packages aren't installed. Run: npm install @ton/ton @ton/core @ton/crypto`,
@@ -807,7 +1200,7 @@ var loaders = {
   stellar: async () => {
     let mod;
     try {
-      mod = await import("./stellar-HV6VGZX3.js");
+      mod = await import("./stellar-Q5PO23SC.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Stellar selected, but its package isn't installed. Run: npm install @stellar/stellar-sdk`,
@@ -819,7 +1212,7 @@ var loaders = {
   xrpl: async () => {
     let mod;
     try {
-      mod = await import("./xrpl-UEC2GYVV.js");
+      mod = await import("./xrpl-HEAPEXAM.js");
     } catch (cause) {
       throw new MissingDriverError(
         `XRPL selected, but its package isn't installed. Run: npm install xrpl`,
@@ -831,7 +1224,7 @@ var loaders = {
   tron: async () => {
     let mod;
     try {
-      mod = await import("./tron-RLIL2FDI.js");
+      mod = await import("./tron-6GXBXTR4.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Tron selected, but its package isn't installed. Run: npm install tronweb`,
@@ -843,7 +1236,7 @@ var loaders = {
   sui: async () => {
     let mod;
     try {
-      mod = await import("./sui-2WFWVFJX.js");
+      mod = await import("./sui-WOXRKJXS.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Sui selected, but its package isn't installed. Run: npm install @mysten/sui`,
@@ -855,7 +1248,7 @@ var loaders = {
   near: async () => {
     let mod;
     try {
-      mod = await import("./near-7MBBCDUE.js");
+      mod = await import("./near-K6BDBABG.js");
     } catch (cause) {
       throw new MissingDriverError(
         `NEAR selected, but its package isn't installed. Run: npm install near-api-js`,
@@ -867,7 +1260,7 @@ var loaders = {
   aptos: async () => {
     let mod;
     try {
-      mod = await import("./aptos-YQWTGFRZ.js");
+      mod = await import("./aptos-LPBLSEIQ.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Aptos selected, but its package isn't installed. Run: npm install @aptos-labs/ts-sdk`,
@@ -879,7 +1272,7 @@ var loaders = {
   algorand: async () => {
     let mod;
     try {
-      mod = await import("./algorand-B67G4335.js");
+      mod = await import("./algorand-WGVF4KTU.js");
     } catch (cause) {
       throw new MissingDriverError(
         `Algorand selected, but its package isn't installed. Run: npm install algosdk`,
@@ -1663,7 +2056,10 @@ var PipRailClient = class {
     const chosen = priced.find((p) => p.quote.withinPolicy) ?? priced[0];
     return { net, wallet, accept: chosen.accept, challenge, quote: chosen.quote };
   }
-  /** The candidate accepts this client could pay: our scheme, on the bound network. */
+  /** The candidate accepts this client could pay: our scheme, on the bound network.
+   *  A dual-advertised challenge may also carry standard `exact` rails — the PipRail
+   *  client ignores those (it pays the backendless `onchain-proof` rail); the type
+   *  predicate narrows the `X402AnyAccept` union to the rails we settle. */
   gatherCandidates(net, challenge) {
     return challenge.accepts.filter(
       (a) => a.scheme === "onchain-proof" && net.supports(a.network)
@@ -2026,6 +2422,14 @@ function isReplayableBodyInit(value) {
 async function readInvalidReason(response) {
   try {
     const body = await response.clone().json();
+    const ext = body?.extensions;
+    const piprail = ext?.piprail;
+    if (piprail && typeof piprail.code === "string") {
+      return {
+        error: piprail.code,
+        detail: typeof piprail.detail === "string" ? piprail.detail : ""
+      };
+    }
     if (body && (body.status === "invalid" || typeof body.error === "string")) {
       return {
         error: typeof body.error === "string" ? body.error : "no error code",
@@ -2257,6 +2661,100 @@ function paymentTools(client) {
   ];
 }
+// src/facilitator.ts
+function safeStringify(value) {
+  return JSON.stringify(value, (_k, v) => typeof v === "bigint" ? v.toString() : v);
+}
+function mapReason(reason) {
+  const r = (reason ?? "").toLowerCase();
+  if (r.includes("signature")) return "signature_invalid";
+  if (r.includes("recipient")) return "wrong_recipient";
+  if (r.includes("value") || r.includes("amount")) return "amount_too_low";
+  if (r.includes("valid_before") || r.includes("valid_after") || r.includes("expired")) return "payment_expired";
+  if (r.includes("used") || r.includes("replay") || r.includes("nonce") || r.includes("transaction_state")) {
+    return "tx_already_used";
+  }
+  return "tx_reverted";
+}
+async function post(url, body, headers) {
+  const res = await fetch(url, {
+    method: "POST",
+    headers: { "content-type": "application/json", ...headers },
+    body: safeStringify(body)
+  });
+  let json = null;
+  try {
+    json = await res.json();
+  } catch {
+  }
+  return { status: res.status, json };
+}
+async function settleViaFacilitator(input) {
+  const base2 = input.url.replace(/\/+$/, "");
+  const body = {
+    x402Version: input.x402Version,
+    paymentPayload: input.paymentPayload,
+    paymentRequirements: input.paymentRequirements
+  };
+  const auth = input.authHeaders ? await input.authHeaders() : {};
+  let verify;
+  try {
+    verify = await post(`${base2}/verify`, body, auth);
+  } catch (err) {
+    throw new SettlementError(
+      `exact settle (facilitator ${base2}): /verify request failed (${err instanceof Error ? err.message : String(err)}).`,
+      { cause: err }
+    );
+  }
+  if (verify.status !== 200) {
+    throw new SettlementError(
+      `exact settle (facilitator ${base2}): /verify returned HTTP ${verify.status} (transport/auth error).`
+    );
+  }
+  const vr = verify.json ?? {};
+  if (vr.isValid === false) {
+    return {
+      ok: false,
+      error: mapReason(vr.invalidReason),
+      detail: `Facilitator rejected the payment: ${vr.invalidReason ?? "invalid"}${vr.invalidMessage ? ` \u2014 ${vr.invalidMessage}` : ""}.`
+    };
+  }
+  let settle;
+  try {
+    settle = await post(`${base2}/settle`, body, auth);
+  } catch (err) {
+    throw new SettlementError(
+      `exact settle (facilitator ${base2}): /settle request failed (${err instanceof Error ? err.message : String(err)}).`,
+      { cause: err }
+    );
+  }
+  if (settle.status !== 200) {
+    throw new SettlementError(
+      `exact settle (facilitator ${base2}): /settle returned HTTP ${settle.status} (transport/auth error).`
+    );
+  }
+  const sr = settle.json ?? {};
+  if (!sr.success) {
+    return {
+      ok: false,
+      error: mapReason(sr.errorReason),
+      detail: `Facilitator settlement failed: ${sr.errorReason ?? "unknown"}${sr.errorMessage ? ` \u2014 ${sr.errorMessage}` : ""}.`
+    };
+  }
+  const receipt = {
+    scheme: "exact",
+    success: true,
+    network: input.receipt.network,
+    transaction: sr.transaction,
+    asset: input.receipt.asset,
+    amount: input.receipt.amount,
+    payer: sr.payer ?? input.payerHint ?? "",
+    payTo: input.receipt.payTo,
+    verifiedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  return { ok: true, receipt };
+}
 // src/server.ts
 function toInvalidBody(result) {
   return { x402Version: 2, status: "invalid", error: result.error, detail: result.detail };
@@ -2283,9 +2781,10 @@ function createPaymentGate(options) {
   const genNonce = options.generateNonce ?? (() => globalThis.crypto.randomUUID());
   let resolved;
   function ready() {
-    return resolved ??= (async () => {
+    if (resolved) return resolved;
+    const p = (async () => {
       const accepts = normaliseAccepts(options);
-      return Promise.all(
+      const specs = await Promise.all(
         accepts.map(async (a) => {
           const net = await resolveNetwork2({ chain: a.chain, rpcUrl: a.rpcUrl ?? options.rpcUrl });
           const payTo = a.payTo ?? options.payTo;
@@ -2297,10 +2796,52 @@ function createPaymentGate(options) {
           net.assertValidPayTo(payTo);
           const { asset, decimals, symbol } = net.resolveToken(a.token);
           const amountBase = parseUnits(a.amount, decimals);
-          return { net, asset, decimals, symbol, amountBase, amountFormatted: a.amount, payTo };
+          const spec = { net, asset, decimals, symbol, amountBase, amountFormatted: a.amount, payTo };
+          if (options.exact) spec.exact = await resolveExactRail(net, asset);
+          return spec;
         })
       );
+      if (options.exact && !specs.some((s) => s.exact)) {
+        throw new Error(
+          "requirePayment: `exact` was requested but none of the offered rails support it. The standard `exact` rail is EVM + EIP-3009 only (USDC / EURC) \u2014 not native coins, not USDT, not non-EVM chains. Offer an EVM EIP-3009 token, or drop `exact`."
+        );
+      }
+      return specs;
     })();
+    p.catch(() => {
+      if (resolved === p) resolved = void 0;
+    });
+    resolved = p;
+    return p;
+  }
+  async function resolveExactRail(net, asset) {
+    const cfg = options.exact;
+    if (net.family !== "evm" || asset === "native" || !net.exactDomain || !net.settleExactSelf) {
+      return void 0;
+    }
+    const domain = await net.exactDomain(asset);
+    if (!domain) {
+      throw new Error(
+        `requirePayment: \`exact\` requested for asset ${asset} on ${net.network}, but it isn't an EIP-3009 token (couldn't read name()/version()/authorizationState). The exact rail supports USDC / EURC and other EIP-3009 tokens \u2014 USDT and native coins need onchain-proof. (Or check your rpcUrl is reachable.)`
+      );
+    }
+    if (cfg.settle === "self") {
+      if (cfg.relayer === void 0) {
+        throw new Error(
+          "requirePayment: exact `settle: 'self'` needs a `relayer` wallet (the gas-paying key that broadcasts transferWithAuthorization), e.g. exact: { settle: 'self', relayer: { privateKey } }."
+        );
+      }
+      const relayer = net.bindWallet(cfg.relayer);
+      return { domain, mode: { kind: "self", relayer } };
+    }
+    return {
+      domain,
+      mode: {
+        kind: "facilitator",
+        url: cfg.settle.facilitator,
+        ...cfg.settle.authHeaders ? { authHeaders: cfg.settle.authHeaders } : {}
+      }
+    };
   }
   const hasCustomStore = Boolean(options.isUsed || options.markUsed);
   const localUsed = /* @__PURE__ */ new Set();
@@ -2337,93 +2878,191 @@ function createPaymentGate(options) {
       }
     };
   }
-  async function challenge(resourceUrl = "") {
+  function buildExactAccept(s) {
+    const d = s.exact.domain;
+    return {
+      scheme: "exact",
+      network: s.net.network,
+      amount: s.amountBase.toString(),
+      asset: s.asset,
+      payTo: s.payTo,
+      maxTimeoutSeconds,
+      extra: {
+        assetTransferMethod: "eip3009",
+        name: d.name,
+        version: d.version,
+        minConfirmations,
+        decimals: s.decimals,
+        amountFormatted: s.amountFormatted,
+        ...s.symbol ? { symbol: s.symbol } : {}
+      }
+    };
+  }
+  function buildAccepts(specs, nonce) {
+    const out = [];
+    for (const s of specs) {
+      if (s.exact) out.push(buildExactAccept(s));
+      out.push(buildAccept(s, nonce));
+    }
+    return out;
+  }
+  async function makeChallenge(resourceUrl, opts) {
     const specs = await ready();
     const nonce = genNonce();
     const challenge2 = {
       x402Version: 2,
-      error: null,
       resource: {
         url: resourceUrl,
         ...options.description ? { description: options.description } : {}
       },
-      accepts: specs.map((s) => buildAccept(s, nonce))
+      accepts: buildAccepts(specs, nonce),
+      ...opts?.error ? { error: opts.error } : {},
+      ...opts?.extensions ? { extensions: opts.extensions } : {}
     };
     return { challenge: challenge2, requiredHeader: buildChallengeHeader(challenge2) };
   }
+  async function challenge(resourceUrl = "") {
+    return makeChallenge(resourceUrl);
+  }
   async function asChallenge() {
-    const { challenge: c, requiredHeader } = await challenge();
+    const { challenge: c, requiredHeader } = await makeChallenge("");
     return { kind: "challenge", challenge: c, requiredHeader, statusCode: 402 };
   }
+  async function rejection(code, detail) {
+    const { challenge: c, requiredHeader } = await makeChallenge("", {
+      error: `${code}: ${detail}`,
+      extensions: { piprail: { code, detail } }
+    });
+    return { kind: "invalid", error: code, detail, challenge: c, requiredHeader, statusCode: 402 };
+  }
+  function fireOnPaid(receipt) {
+    if (options.onPaid) {
+      try {
+        options.onPaid(receipt);
+      } catch {
+      }
+    }
+  }
   async function describe(resourceUrl = "") {
     const specs = await ready();
-    const accepts = specs.map((s) => ({
-      scheme: "onchain-proof",
-      network: s.net.network,
-      asset: s.asset,
-      payTo: s.payTo,
-      amount: s.amountBase.toString(),
-      amountFormatted: s.amountFormatted,
-      decimals: s.decimals,
-      maxTimeoutSeconds,
-      ...s.symbol ? { symbol: s.symbol } : {}
-    }));
+    const accepts = [];
+    for (const s of specs) {
+      const base2 = {
+        network: s.net.network,
+        asset: s.asset,
+        payTo: s.payTo,
+        amount: s.amountBase.toString(),
+        amountFormatted: s.amountFormatted,
+        decimals: s.decimals,
+        maxTimeoutSeconds,
+        ...s.symbol ? { symbol: s.symbol } : {}
+      };
+      if (s.exact) accepts.push({ scheme: "exact", ...base2 });
+      accepts.push({ scheme: "onchain-proof", ...base2 });
+    }
     return {
       url: resourceUrl,
       ...options.description ? { description: options.description } : {},
       accepts
     };
   }
-  async function verify(paymentSignature) {
-    const raw = normaliseHeader(paymentSignature);
-    if (!raw) return asChallenge();
-    const sig = parseSignatureHeader(raw);
-    if (!sig || !sig.accepted || typeof sig.accepted.network !== "string" || typeof sig.accepted.asset !== "string") {
-      return asChallenge();
-    }
+  async function verifyOnchainProof(sig) {
     const specs = await ready();
     const spec = specs.find(
       (s) => s.net.network === sig.accepted.network && s.asset === sig.accepted.asset
     );
     if (!spec) {
-      return {
-        kind: "invalid",
-        error: "transfer_not_found",
-        detail: `Proof claims ${sig.accepted.asset} on ${sig.accepted.network}, which this resource doesn't accept (offered: ${specs.map((s) => `${s.asset}@${s.net.network}`).join(", ")}).`,
-        statusCode: 402
-      };
+      return rejection(
+        "transfer_not_found",
+        `Proof claims ${sig.accepted.asset} on ${sig.accepted.network}, which this resource doesn't accept (offered: ${specs.map((s) => `${s.asset}@${s.net.network}`).join(", ")}).`
+      );
     }
     const ref = sig.payload.txHash;
-    if (await claimTx(ref)) {
-      return {
-        kind: "invalid",
-        error: "tx_already_used",
-        detail: `Proof ${ref} was already redeemed.`,
-        statusCode: 402
-      };
-    }
+    if (await claimTx(ref)) return rejection("tx_already_used", `Proof ${ref} was already redeemed.`);
     const result = await spec.net.verify(ref, buildAccept(spec, sig.payload.nonce));
     if (!result.ok) {
       await settleTx(ref, false);
-      return {
-        kind: "invalid",
-        error: result.error,
-        detail: result.detail,
-        statusCode: 402
-      };
+      return rejection(result.error, result.detail);
     }
     await settleTx(ref, true);
-    if (options.onPaid) {
-      try {
-        options.onPaid(result.receipt);
-      } catch {
+    fireOnPaid(result.receipt);
+    return { kind: "paid", receipt: result.receipt, receiptHeader: buildReceiptHeader(result.receipt) };
+  }
+  async function verifyExact(exact) {
+    const specs = await ready();
+    const exactSpecs = specs.filter((s) => s.exact);
+    if (exactSpecs.length === 0) {
+      return rejection("transfer_not_found", "This resource offers no standard `exact` rail.");
+    }
+    const isCaip = exact.network.startsWith("eip155:");
+    let candidates = isCaip ? exactSpecs.filter((s) => s.net.network === exact.network) : exactSpecs;
+    if (exact.asset) {
+      candidates = candidates.filter((s) => s.asset.toLowerCase() === exact.asset.toLowerCase());
+    }
+    let spec = candidates[0];
+    if (!isCaip && !exact.asset && exactSpecs.length > 1) spec = void 0;
+    if (!spec && !isCaip && !exact.asset && exactSpecs.length === 1) spec = exactSpecs[0];
+    if (!spec || !spec.exact) {
+      return rejection(
+        "transfer_not_found",
+        `No \`exact\` rail offered for ${exact.network}${exact.asset ? `/${exact.asset}` : ""} (offered: ${exactSpecs.map((s) => `${s.asset}@${s.net.network}`).join(", ")}).`
+      );
+    }
+    const nonce = exact.payload.authorization.nonce;
+    if (await claimTx(nonce)) {
+      return rejection("tx_already_used", `Authorization nonce ${nonce} was already redeemed.`);
+    }
+    const accept = buildExactAccept(spec);
+    const mode = spec.exact.mode;
+    let result;
+    try {
+      if (mode.kind === "self") {
+        result = await spec.net.settleExactSelf({ relayer: mode.relayer, payload: exact.payload, accept });
+      } else {
+        result = await settleViaFacilitator({
+          url: mode.url,
+          ...mode.authHeaders ? { authHeaders: mode.authHeaders } : {},
+          // PipRail always builds a v2-shaped paymentRequirements (CAIP-2 network + `amount`),
+          // so force x402Version:2 — echoing a v1 client's version here would hand the facilitator
+          // a self-inconsistent request (v1 envelope, v2 requirements). The inner payload is
+          // byte-identical across versions, so forwarding it verbatim is fine.
+          x402Version: 2,
+          paymentPayload: exact.raw,
+          paymentRequirements: {
+            scheme: "exact",
+            network: accept.network,
+            asset: accept.asset,
+            amount: accept.amount,
+            payTo: accept.payTo,
+            maxTimeoutSeconds: accept.maxTimeoutSeconds,
+            extra: { name: accept.extra.name, version: accept.extra.version }
+          },
+          receipt: { network: accept.network, asset: accept.asset, payTo: accept.payTo, amount: accept.amount },
+          payerHint: exact.payload.authorization.from
+        });
       }
+    } catch (err) {
+      await settleTx(nonce, false);
+      throw err;
     }
-    return {
-      kind: "paid",
-      receipt: result.receipt,
-      receiptHeader: buildReceiptHeader(result.receipt)
-    };
+    if (!result.ok) {
+      await settleTx(nonce, false);
+      return rejection(result.error, result.detail);
+    }
+    await settleTx(nonce, true);
+    fireOnPaid(result.receipt);
+    return { kind: "paid", receipt: result.receipt, receiptHeader: buildReceiptHeader(result.receipt) };
+  }
+  async function verify(paymentSignature) {
+    const raw = normaliseHeader(paymentSignature);
+    if (!raw) return asChallenge();
+    const sig = parseSignatureHeader(raw);
+    if (sig && sig.accepted && typeof sig.accepted.network === "string" && typeof sig.accepted.asset === "string") {
+      return verifyOnchainProof(sig);
+    }
+    const exact = parseExactPaymentHeader(raw);
+    if (exact) return verifyExact(exact);
+    return asChallenge();
   }
   return { challenge, verify, describe };
 }
@@ -2432,14 +3071,20 @@ function requirePayment(options) {
   return async (req, res, next) => {
     let result;
     try {
-      result = await gate.verify(req.headers[HEADER_SIGNATURE]);
+      result = await gate.verify(req.headers[HEADER_SIGNATURE] ?? req.headers[HEADER_SIGNATURE_V1]);
     } catch (err) {
+      if (err instanceof SettlementError) {
+        res.status(502);
+        res.json({ x402Version: 2, error: "settlement_failed", detail: err.message });
+        return;
+      }
       next(err);
       return;
     }
     switch (result.kind) {
       case "paid":
         res.setHeader(HEADER_RESPONSE, result.receiptHeader);
+        res.setHeader(HEADER_RESPONSE_V1, result.receiptHeader);
         return next();
       case "challenge":
         res.setHeader(HEADER_REQUIRED, result.requiredHeader);
@@ -2447,8 +3092,9 @@ function requirePayment(options) {
         res.json(result.challenge);
         return;
       case "invalid":
+        res.setHeader(HEADER_REQUIRED, result.requiredHeader);
         res.status(result.statusCode);
-        res.json(toInvalidBody(result));
+        res.json(result.challenge);
         return;
     }
   };
@@ -2458,104 +3104,6 @@ function normaliseHeader(value) {
   return value;
 }
-// src/drivers/evm/exact.ts
-var EXACT_NETWORK_SLUGS = {
-  ethereum: 1,
-  base: 8453,
-  "base-sepolia": 84532,
-  arbitrum: 42161,
-  optimism: 10,
-  polygon: 137,
-  avalanche: 43114
-};
-function chainIdForExactNetwork(slug) {
-  return EXACT_NETWORK_SLUGS[slug] ?? null;
-}
-var EIP3009_TYPES = {
-  TransferWithAuthorization: [
-    { name: "from", type: "address" },
-    { name: "to", type: "address" },
-    { name: "value", type: "uint256" },
-    { name: "validAfter", type: "uint256" },
-    { name: "validBefore", type: "uint256" },
-    { name: "nonce", type: "bytes32" }
-  ]
-};
-function parseExactRequirements(body) {
-  if (!body || typeof body !== "object") return null;
-  const accepts = body.accepts;
-  if (!Array.isArray(accepts)) return null;
-  const out = [];
-  for (const raw of accepts) {
-    if (!raw || typeof raw !== "object") continue;
-    const a = raw;
-    if (a.scheme !== "exact") continue;
-    const amount = a.maxAmountRequired ?? a.amount;
-    if (typeof a.network !== "string" || typeof amount !== "string" || typeof a.asset !== "string" || typeof a.payTo !== "string") {
-      continue;
-    }
-    out.push({
-      scheme: "exact",
-      network: a.network,
-      maxAmountRequired: amount,
-      asset: a.asset,
-      payTo: a.payTo,
-      maxTimeoutSeconds: typeof a.maxTimeoutSeconds === "number" ? a.maxTimeoutSeconds : 600,
-      ...a.extra && typeof a.extra === "object" ? { extra: a.extra } : {},
-      ...typeof a.description === "string" ? { description: a.description } : {},
-      ...typeof a.resource === "string" ? { resource: a.resource } : {}
-    });
-  }
-  return out;
-}
-async function buildExactAuthorization(params) {
-  const { account, accept, chainId, now, nonce } = params;
-  if (!account.signTypedData) {
-    throw new Error("buildExactAuthorization: the account cannot sign EIP-712 typed data.");
-  }
-  const authorization = {
-    from: account.address,
-    to: accept.payTo,
-    value: accept.maxAmountRequired,
-    validAfter: "0",
-    validBefore: String(now + accept.maxTimeoutSeconds),
-    nonce
-  };
-  const signature = await account.signTypedData({
-    domain: {
-      name: accept.extra?.name ?? "USD Coin",
-      version: accept.extra?.version ?? "2",
-      chainId,
-      verifyingContract: accept.asset
-    },
-    types: EIP3009_TYPES,
-    primaryType: "TransferWithAuthorization",
-    message: {
-      from: authorization.from,
-      to: authorization.to,
-      value: BigInt(authorization.value),
-      validAfter: BigInt(authorization.validAfter),
-      validBefore: BigInt(authorization.validBefore),
-      nonce: authorization.nonce
-    }
-  });
-  return { authorization, signature };
-}
-function base64(str) {
-  if (typeof btoa === "function") return btoa(str);
-  if (typeof Buffer !== "undefined") return Buffer.from(str, "utf8").toString("base64");
-  throw new Error("No base64 encoder available in this runtime.");
-}
-function encodeXPaymentHeader(input) {
-  const payload = {
-    x402Version: input.x402Version ?? 1,
-    scheme: "exact",
-    network: input.network,
-    payload: { signature: input.signature, authorization: input.authorization }
-  };
-  return base64(JSON.stringify(payload));
-}
 // src/discovery.ts
 var GENERATOR = "@piprail/sdk \xB7 https://piprail.com";
 function pathOf(url) {
@@ -2616,6 +3164,11 @@ export {
   EIP3009_TYPES,
   EXACT_NETWORK_SLUGS,
   GENERATOR,
+  HEADER_REQUIRED,
+  HEADER_RESPONSE,
+  HEADER_RESPONSE_V1,
+  HEADER_SIGNATURE,
+  HEADER_SIGNATURE_V1,
   InsufficientFundsError,
   InvalidEnvelopeError,
   MaxRetriesExceededError,
@@ -2627,6 +3180,7 @@ export {
   PipRailClient,
   PipRailError,
   RecipientNotReadyError,
+  SettlementError,
   UnknownTokenError,
   UnsupportedNetworkError,
   WrongChainError,
@@ -2640,22 +3194,26 @@ export {
   buildX402DnsTxt,
   chainIdForExactNetwork,
   createPaymentGate,
+  eip3009Abi,
   encodeXPaymentHeader,
   evaluatePolicy,
   normalizeNetwork,
   parseChallenge,
+  parseExactPaymentHeader,
   parseExactRequirements,
   parseReceipt,
   parseSignatureHeader,
   paymentTools,
   pickAccept,
   planAcross,
+  readExactDomain,
   register402Index,
   registerDriver,
   registerX402Scan,
   requirePayment,
   resolveChain,
   searchOpenIndexes,
+  settleViaFacilitator,
   toInsufficientFundsError,
   toInvalidBody
 };